March 22, 2024

IFLR 2024

1. IFLR 2024

we are excited to have been shortlisted by IFLR in the 2024 IFLR Africa Awards under three categories;
Deal of the year: Capital Markets;
Deal of the year: Restructuring, and National Law Firm of the Year

we are grateful to IFLR for this recognition and congratulate the ABS team for this hard work.

download (1)
May 16, 2023

Fintech 2023

1. Fintech Market

1.1 Evolution of the Fintech Market Recent Developments
Ghana’s fintech market covers the business, banking, health and insurance sectors. The Gha- naian fintech market has experienced significant growth over the past year.

Mobile money services

Mobile money services dominate the fintech landscape in Ghana. They are operated by tel- ecommunications companies, with MTN Ghana, Vodafone Ghana and AirtelTigo Ghana as the active players in the industry in Ghana. Initially, their services were limited to the deposit and withdrawals of funds; however, the platforms now allow users to pay utility bills, obtain credit services, receive remittances, and send and receive money from banks. The banking sec- tor has also adopted fintech solutions in service delivery, with a number of banks collaborating with fintech start-ups and other tech companies to offer mobile money services through bank- ing apps. For example, GT Bank Ghana and Fidelity Bank Ghana have both partnered with Expresspay to provide mobile money services to customers. A Bank of Ghana Economic and Financial Data report indicated that the number of active mobile money users has increased to 401 million users with a total value of transac- tions at GHS82.9 billion as of December 2021. In a recent Bank of Ghana report on Fintech Statistics in Ghana, it was reported that, as at December 2022, the total volume of e-money transactions stood at 488.2 million and the total value of the transactions amounted to GHS122.1 billion (equivalent to USD9.5 billion).

Link to PDF
Fintech 2023 017_GHANA

 

August 3, 2021

Outsourcing 2020

Ghana is experiencing an increase in outsourcing trends within some of its key industry sectors, particularly telecommunications, banking, insurance, oil and gas services, healthcare and energy. The objective for these businesses is to lower costs, increase efficiency and provide a better focus on their core competencies with increased flexibility to respond to dynamic business conditions in their industry sectors. Outsourcing is providing businesses in Ghana with the opportunity to take advantage of state-of-the-art technology without the commensurate investment in IT infrastructure and IT specialists.

The increase in the automation of business processes and security risks have contributed significantly to the development of the outsourcing industry in Ghana. As a result of these developments there is greater awareness by government, businesses and individuals of data privacy, cyber security and compliance.

In Ghana, the most commonly outsourced IT functions are:

  • telecommunications;
  • website development, management and maintenance;
  • software and application development;
  • database development;
  • technical support/help desk;
  • infrastructure; and
  • cyber security.

Ghana recorded its first case of COVID-19 on 13 March. The COVID-19 pandemic has compelled Ghanaian businesses to innovate as they seek to thrive in a “new normal.” Businesses are working with their IT outsourcing partners to increase their ability to conduct work virtually, expand the scope in remote delivery models as well as automate and enhance their security systems. Even the most conservative of businesses that believed in the necessity of face-to-face interactions or physical proximity for the effective conduct of their businesses are effectively transitioning to a virtual environment.

Africa is becoming a favoured international location for business process outsourcing (BPO). Leading industry reports place Ghana as the top outsourcing destination in West Africa as a result of strong government support for companies that outsource their services to the country and attractive tax incentives. Ghana has strong public institutions and a developed financial industry. Further, low labour costs, geopolitical stability, major investment in telecommunications infrastructure, a large pool of an English-speaking labour force and a favourable time zone as well as a zero-tax policy for companies for ten years and only 8% tax following the initial ten-year tax-free period have contributed to its position.

The BPO industry is part of the government’s transformational agenda to develop the services sector of the economy. The Accra Digital Centre is a BPO hub created by government with an expectation that it will create about 10,000 direct and indirect jobs. Ghana’s recent selection as the host country for the African Continental Free Trade Area (AfCFTA) should also be a major factor in encouraging BPOs by foreign companies to use Ghana as a base for expansion into the AfCFTA.

The most common BPOs in Ghana are;

  • knowledge process outsourcing;
  • legal process outsourcing;
  • research process outsourcing;
  • recruitment process outsourcing;
  • account process outsourcing;
  • payroll process outsourcing;
  • business continuity/disaster recovery; and
  • transportation/fleet management.

Increasingly, companies with limited financial or logistics capacity are turning to outsourcing for warehousing, logistics and distribution, particularly in the retail sector, in order to increase efficiency and profitability. Public sector procurement outsourcing in the healthcare sector has seen an increase during the COVID-19 period.

In the private healthcare sector, Ghanaian start-up mPharma has developed proprietary supply chain software that enables it to implement vendor managed inventory for independent healthcare providers in Africa. Further, mPharma has built a pharmacy benefits management (PBM) service for health insurance companies.

Additionally, companies with limited financial or logistics capacity are increasingly turning to outsourcing for warehousing, logistics and distribution, particularly in the retail sector, to increase efficiency and profitability.

In Ghana, new technologies such as Artificial Intelligence (AI), Robotic Process Automation (RPA), Block Chain Technology and Smart Contracts are gradually evolving. As with other countries, new technologies are being explored in areas such as data storage, financial transactions, telecommunications, real estate, and asset management. The telecommunications sector for example utilises Robotic Process Automation (RPA) and Business Process Automation (BPA) to gather customer data or customer credit usage and generate a package for each customer according to their monitored data usage.

The technology giant Google opened its first AI Research Centre on the African continent in Ghana in April 2019. Google has partnered with universities, government and local institutions to help develop a new generation of AI developers in Ghana and the rest of Africa and ensure that the right education and opportunities are in place. With these developments it is expected that machine learning technology and AI will take off in Ghana, particularly in the agriculture, healthcare and education sectors. There is also an emerging market in Ghana for bitcoin and cryptocurrencies under blockchain technology.

Drone based AI research and technology is on the increase and resulted in benefits in research in and digitisation in the agriculture and healthcare sectors. For example, some farmers are already improving productivity by using drones for crop diagnostics, more precision spraying covering wider areas much more efficiently. In the healthcare sector, government has outsourced part of the distribution of its medical supplies to a US-based drone services company, Zipline, that uses drones to carry medical supplies to remote parts of the country in its quest to achieve universal access to medicines.

IT and BPO outsourcing continue to dominate the market in Ghana. However, businesses in the financial services, energy, telecommunications, oil and gas services and other sectors are demonstrating an increased willingness to outsource certain key business activities to third parties. A key example of this is within the banking sector where key functions such as online payment services, credit scoring and clients’ verification of identity applications are outsourced to fintech companies. Most of the major telecommunications companies in Ghana have also set up mobile money platforms which essentially operate as mobile banks for the unbanked, which form a large part of the population. Such companies outsource the banking aspects of running the mobile banking business to the traditional banks.

Similarly, insurance companies are increasingly collaborating with banks and telecommunications companies for collection of their premiums such that customers of the insurance companies can pay for renewal of their policies at the partner banking institution by use of the mobile money platform instead of visiting the insurance companies, which has traditionally been the case in Ghana. Organisations are increasingly relying more on digitisation and less on manual processing. In the telecommunications sector, there are now virtual servers which can run several applications at the same time, an innovation which was previously not utilised by that sector. Cloud technology is also being gradually embraced by large organisations.

The Impact of COVID-19

In the wake of the COVID-19 pandemic, the government of Ghana has re-emphasised its e-government programme and e-business generally as part of its agenda for financial inclusion of Ghana’s large unbanked population and to build a “cash-lite” economy in order to reduce human contact in the conduct of everyday business transactions. The government’s Mobile Money Interoperability platform, namely, Ghana Interbank Payment and Settlement Systems (GHIPSS) that was launched by the Bank of Ghana in 2018 facilitates mobile money transfers across different telephone networks and enables customers to conduct:

  • business-to-business payments;
  • person-to-person fund transfers;
  • business-to-person payments;
  • person-to-business payments (emergency bill/fee/utility payment);
  • person-to-government payments; and
  • government-to-government payments.

This platform together with the Bank of Ghana’s “cash-lite” agenda and government’s e-government awareness programmes, has resulted in a significant increase in cashless transactions, particularly in the COVID-19 era.

Generally, there is no specific legislation in Ghana that regulates outsourcing, however, the Labour Act, 2003 (Act 651) (the “Labour Act”) and Labour Regulations, 2007 contain provisions which provide legal and regulatory restrictions on outsourcing. The legislation permits an employer to employ a worker through a centre or a private employment centre. However, there is a comprehensive outline of the guidelines to be followed in running such a centre or agency. Further, any person who contravenes any of the provisions relating to outsourcing commits an offence and is liable on summary conviction to a fine of 25 penalty units.

One penalty unit is equivalent to GHS12 (USD2.07 as at 14 October 2020).

Companies should note the following:

  • there is legislation which may impact on outsourcing in certain industry specific sectors as listed below (see 2.2 Industry-Specific Restrictions); and
  • all public sector outsourcing is regulated by the Public Procurement Act 2003 (Act 663), regardless of the industry sector under which the services to be outsourced falls (see 2.2 Industry-Specific Restrictions).

Outsourcing transactions in the financial services sector are regulated by a number of sector-specific legislations as follows:

  • The Banks and Specialised Deposit-Taking Act, 2016 (Act 930);
  • Ghana Deposit Protection Act, 2016 (Act 931);
  • Public Financial Management Act, 2016 (Act 921);
  • Securities Industry Act, 2016 (Act 929); and
  • Unit Trusts and Mutual Funds Regulations 2001.

The cumulative effect of the above legislation is as follows:

  • a bank, specialised deposit-taking institution or financial holding company shall not outsource a function to any other person without the written approval of the Ghana’s central bank, namely the Bank of Ghana. Further, the Bank of Ghana has the right to appoint such competent persons as advisors for the bank or specialised deposit-taking institution or financial institution where it considers it necessary;
  • the board of the relevant institution reserves the right to appoint persons who may be able to give assistance to it;
  • the Minister of Finance has the power to appoint issuing agents, registration agents, primary dealers and other agents to facilitate primary and secondary market transactions in government debt securities;
  • public officials may be transferred or seconded to give assistance to the Securities Exchange Commission. The Securities Exchange Commission also has the power to engage the services of advisors and consultants on the recommendation of its board; and
  • with regard to unit trusts and mutual funds the board of directors of a company may:
    1. enter into underwriting or sub-underwriting contracts in relation to the subscription or purchase of any investment;
    2. appoint a custodian to discharge the obligations laid on the custodian by law and related regulations; and
    3. appoint a manager to manage a mutual fund established under the Unit Trusts and Mutual Funds Regulations 2001.

The underwriter, custodian or manager of the relevant fund to which the services are outsourced must comply with strict rules set out by the Securities Exchange Commission.

A bank, specialised deposit-taking institution or financial holding company which outsources a function to any other person without the written approval of the Bank of Ghana shall pay to the Bank of Ghana an administrative penalty of 1,000 penalty units.

Public Sector Outsourcing

The key legislation that regulates and governs public procurement in Ghana is the Public Procurement Act 2003 (Act No. 663) (the “Act”) as amended by the Public Procurement (Amendment) Act 2016 (Act 914) (the Amendment Act). The Act regulates the procurement of all goods, works and services financed, in whole or in part, from public funds and the disposal of government stores. Every government agency, institution and establishment in which the government has a majority interest must comply with the Act. Public universities, public schools, colleges and hospitals are included.

The Public Procurement Authority (“Authority”) must ensure that public procurement is carried out in a fair, transparent and non-discriminatory manner and is vested with administrative powers to ensure that procuring entities comply with the Act. There are prescribed threshold values set out in the schedules to the act.

The Authority is also mandated to:

  • monitor the processes employed by procuring entities;
  • review procurement decisions made by procuring entities;
  • investigate procurement malpractices; and
  • sanction offenders.

Oil and Gas Services Outsourcing

Local Content and Local Participation Regulations L.I 2204 (“L.I.2204”) promotes maximisation of value-addition and job creation through the use of local expertise, goods and services business, financing in the petroleum industry value chain and their retention in Ghana. The Petroleum Commission has a mandate to ensure companies comply with LI2204.

Every contractor, sub-contractor and any other allied entity engaged in petroleum activities is required by Local Content L.I.2204 to incorporate local content as an important element in their project execution and management philosophy. Every petroleum project, activity or transaction must have a Long-Term and Annual Local Content Plan which would be assessed and approved by the Commission. Local Content refers to the quantum/percentage of locally produced materials, personnel, financing, goods and services rendered to the oil industry and which can be measured in monetary terms. Businesses in the upstream oil and gas sector must comply with L.I.2204 when outsourcing services.

Other Sectors

It is important that the parties to an outsourcing contract comply with any relevant sector-specific laws, such as requirements for licences, permits or approvals which regulate activities which are the subject matter of outsourcing. Examples of regulated sectors in Ghana include Mining (Minerals Commission), Pharmaceuticals (Foods and Drugs Agency/Ghana Standards Authority), Telecommunications (Ministry of Communications), Banks (Bank of Ghana) and Insurance (National Insurance Commission).

Anyone processing the personal data of Ghanaian citizens must comply with Ghana’s data protection laws. The legal and regulatory restrictions on data processing or data security are governed by the Data Protection Act, 2012 (Act 843). This means any provider of outsourced services must process personal data in accordance with prescribed data protection principles set out in the Act. Personal data is defined as “data about an individual who can be identified from the compiled data or other information in the possession of, or likely to come into the possession of the data controller”. The Act requires a data processor to take into consideration the privacy rights of the data subject in the processing of personal data. A data subject is the individual who is the subject of the personal data. It is compulsory for all processors and/or controllers of personal data to register with the Data Protection Commission.

A data controller who is not resident in Ghana must register as an external company with the Data Protection Commissioner. If the outsourcing services company appoints a third party to process data on its behalf, that appointment must be governed by a contract. The contract must be in writing and shall require the third-party data processor to establish and maintain the confidentiality and security measures necessary to ensure the integrity of the personal data. Where the third-party data processor is not domiciled in Ghana, the data controller shall ensure that the processor complies with all relevant laws of Ghana.

Most IT and BP outsourcing activities involve the processing of personal data. The data controller is usually the person procuring the outsourcing services with the data processor being the outsourcing service provider. The data controller must undertake extensive due diligence to ensure that the data processor has put in place proper measures to comply with the requirements of the Act.

The Offshore Transfer of Personal Data

There are no specific provisions in the Act on the transfer of personal data from Ghana to offshore jurisdictions. The Act is silent on the mechanisms which a business may typically utilise to transfer personal data offshore in compliance with applicable transfer restrictions. However, the sale, purchase, knowing or reckless disclosure of personal data or information is prohibited under the Act. The Act does however, specify exceptions to the grant of consent by a data subject to the processing of their personal data. Logically, these exceptions should be equally applicable in the case of foreign transfers of personal data. Thus, businesses may transfer personal data abroad with the prior consent of the data subject, or where the purpose for which the personal data is processed is necessary for the purpose of a contract to which the data subject is a party, or to protect a legitimate interest of the data subject, or the transfer is necessary for the proper performance of a statutory duty, or is necessary to pursue the legitimate interest of the data controller, or a third party to whom the data is supplied.

Conversely, there are legal restrictions on cross border data flows from an offshore jurisdiction into Ghana. The Act provides that a data controller or processor shall in respect of foreign data subjects ensure that personal data is processed in compliance with data protection legislation of the foreign jurisdiction of that subject where personal data originating from that jurisdiction is sent to Ghana for processing. In either case, the individual may object to the processing of their personal data at any time.

Data Security

In relation to data security, there is a legal requirement that a data processor or controller must treat the personal data of a data subject as confidential and must also comply with security measures in processing such data. This requirement applies to both local and foreign data subjects. All personal data which is collected must be only be used for its stated purpose.

A data controller has a duty to prevent the loss of, damage to, or unauthorised destruction of personal data, and the unlawful access to or unauthorised processing of personal data. The data controller must therefore adopt appropriate, reasonable, technical, and organisational means to take necessary steps to ensure the security of personal data in its possession or control. Additionally, a data controller is required to take reasonable measures to identify and forestall any reasonably foreseeable risks and ensure that any safeguards put in place are effectively implemented and updated continually.

A data controller is mandated to observe generally accepted and industry specific best practices in securing data and ensure that data processors comply with security measures.

There are additional specific requirements for the processing of sensitive personal data. Sensitive personal data is defined as personal data consisting of information related to:

  • a child who is under parental control according to the law; or
  • the religious or philosophical beliefs, ethnic or tribal origin, colour, race, trade union membership, political opinions, physical or mental health, mental condition, DNA, sexual life, criminal behaviour of the data subject or details of court proceedings relating to the individual.

 2.4 Penalties for Breach of Such Laws

There are various offences under the Act and each carries different penalties:

  • A person who fails to register as a data controller but processes personal data is liable on summary conviction to a fine of not more than 250 penalty units or a term of imprisonment of not more than two years, or both.
  • A person who fails to comply with an enforcement notice or an information notice from the Data Protection Commission is committing an offence and is liable on summary conviction to a fine of not more than 150 penalty units or a term of imprisonment of not more than a year, or to both.
  • A person who, in compliance with an information notice, knowingly or recklessly makes a statement which is false in a material respect, commits an offence and is liable on summary conviction to a fine of not more than 150 penalty units or a term of imprisonment of not more than one year, or to both.
  • A person shall not purchase the personal data, or the information contained in the personal data, of another person, knowingly obtain or knowingly or recklessly disclose the personal data or the information contained in the personal data of another person or disclose or cause to be disclosed to another person the information contained in such personal data. A person who contravenes the foregoing provision commits an offence punishable on summary conviction by a fine of not more than 250 penalty units or a term of imprisonment of not more than two years, or to both. A person who sells or offers to sell personal data of another person commits an offence punishable on summary conviction by a fine of not more than 2,500 penalty units or a term of imprisonment of not more than five years, or to both.

There is a general penalty where a person who commits an offence under the Act in respect of which a penalty is not specified is liable on summary conviction to a fine of not more than 5,000 penalty units or a term of imprisonment of not more than ten years, or both.

One penalty unit is equivalent to GHS12 (USD2.07 as at 14 October 2020).

 2.5 Contractual Protections on Data and Security

The Act does not specify any contractual provisions to be included in contracts, however, in order to comply with the act certain provisions must be included in the contract. Examples of these are:

  • detailed definitions including the definition of the purpose for which the data is being transferred;
  • detailed description of each party’s responsibilities;
  • liability and consequences of breach of contract;
  • consideration
  • governing Law
  • confidentiality;
  • security measures;
  • termination; and
  • post-termination obligations of each party.
error: Content is protected !!